# Encoding: UTF-8
require 'digest/sha1'

class UserController < ApplicationController
  include ApplicationHelper
  helper :profile, :avatar
  before_filter :protect, :only => [:index, :edit, :edit_password]
  

  def index
    @title = "Expressions..."
    # This will be a protected page for viewing user information.
    @user = User.find(session[:user_id])
    make_profile_vars
    @user.spec ||= Spec.new
    @spec = @user.spec
    @user.faq ||= Faq.new
    @faq = @user.faq
    @blog = @user.blog ||= Blog.new


  end

  def register
    @title = "Registro"
    if param_posted?(:user)
      @user = User.new(params[:user])
      if @user.save
        @user.login!(session)
        flash[:notice] = "Usuario #{@user.screen_name} creado!"
        redirect_to_forwarding_url
      else
      @user.clear_password!
      end
    end
  end

  def login
    @title = "Entre a Expression..."
    if request.get?
      @user = User.new(:remember_me => remember_me_string)
    elsif param_posted?(:user)
      @user = User.new(params[:user])
      user = User.find_by_screen_name_and_password(@user.screen_name,
      @user.password)
      if user
        user.login!(session)
        @user.remember_me? ? user.remember!(cookies) : user.forget!(cookies)
        flash[:notice] = "Usuario #{user.screen_name} se ha autenticado!"
        redirect_to_forwarding_url
      else
        @user.clear_password!
        flash[:notice] = "Usuario y/o password incorrecto"
      end
    end
  end

  def logout
    User.logout!(session, cookies)
    flash[:notice] = "Usted ha cerrado session"
    redirect_to :action => "index", :controller => "site"
  end

  # Edit the user's basic info.
  def edit
    @title = "Editar información básica"
    @user = User.find(session[:user_id])
    if param_posted?(:user)
      attribute = params[:attribute]
      case attribute
      when "email"
        try_to_update @user, attribute
      when "password"
        if @user.correct_password?(params)
          try_to_update @user, attribute
        else
          @user.password_errors(params)
        end
      end
    end
    # For security purposes, never fill in password fields.
    @user.clear_password!
  end

  private

  # Protect a page from unauthorized access.
  def protect
    unless logged_in?
      session[:protected_page] = request.fullpath
      flash[:notice] = "Favor de firmarse primero."
      redirect_to :action => "login"
    return false
    end
  end

  # Return true if a parameter corresponding to the given symbol was posted.
  def param_posted?(symbol)
    request.post? and params[symbol]
  end

  # Redirect to the previously requested URL (if present).
  def redirect_to_forwarding_url
    if (redirect_url = session[:protected_page])
      session[:protected_page] = nil
      redirect_to redirect_url
    else
      redirect_to :action => "index"
    end
  end

  # Return a string with the status of the remember me checkbox.
  def remember_me_string
    cookies[:remember_me] || "0"
  end

  # Try to update the user, redirecting if successful.
  def try_to_update(user, attribute)
    if user.update_attributes(params[:user])
      flash[:notice] = "Su #{attribute} ha sido actualizado."
      redirect_to :action => "index"
    end
  end
end
